Security
Security issues, software and reports.


  Sunday, February 18, 2007


The Doghouse: Onboard Threat Detection System.

It's almost too absurd to even write about seriously -- this plan to spot terrorists in airplane seats:

Cameras fitted to seat-backs will record every twitch, blink, facial expression or suspicious movement before sending the data to onboard software which will check it against individual passenger profiles.

[...]

They say that rapid eye movements, blinking excessively, licking lips or ways of stroking hair or ears are classic symptoms of somebody trying to conceal something.

A separate microphone will hear and record even whispered remarks. Islamic suicide bombers are known to whisper texts from the Koran in the moments before they explode bombs.

[Schneier on Security]
9:44:55 PM    

Half of pirated Vista is malware. You can't cheat an honest person, they say. Like generations of scammers before them, some malware writers are taking that "advice" to heart, releasing their Trojan software and keyloggers as "cracked" versions of Vista on peer-to-peer services. Who's going to turn them in, after all -- a would-be pirate? [Computerworld Security News]
8:35:42 PM    

Some PayPal users plagued by security warnings, login woes. Some users of PayPal are having trouble logging into the site and are getting security warnings -- problems apparently tied to an SSL security certificate used by Omniture, which is gathering data for the online payment site. [Computerworld Security News]
8:33:17 PM    

Smokers may be the weak IT security link. Just when you thought there were no more ills to ascribe to tobacco, here's one that leaves your lungs alone and attacks your network instead. A U.K. security company is warning that smokers may undermine IT security, leaving open doors that could let in intruders who could abuse a company's network. [Computerworld Security News]
8:28:48 PM    

Have you resold your data to crooks? Eager to get into the identity-theft business? Don't bother breaking into a government employee's house or staking out an unsecured Wi-Fi hot spot. A recent study shows that a simple shopping jaunt on eBay or in a local used-tech store will pay off in personal info over half the time. [Computerworld Viruses News]
8:24:19 PM    

Handling False Positives and Creating Custom Rules.

It is inevitable; you will run into some False Positive hits when using web application firewalls. This is not something that is unique to ModSecurity. All web application firewalls will generate false positives from time to time. The following information will help to guide you through the process of identifying, fixing, implementing and testing new custom rules to address false positives.

Every rule set can have false positives in new environments
False positives happen with ModSecurity + the Core Rules mainly as a byproduct of the fact that the rules are "generic" in nature. There is no way to know exactly what web application is going to be run behind it. That is why the Core Rules are geared towards blocking the known bad stuff and forcing some HTTP compliance. This catches the vast majority of attacks.

Use DetectionOnly mode
Any new installation should initially use the log-only Rule Set version or, if no such version is available, set ModSecurity to detection only using the SecRuleEngine DetectionOnly command. After running ModSecurity in detection-only mode for a while, review the events generated and decide if any modification to the rule set should be made before moving to protection mode.

Don't be too hasty to remove a rule
Just because a particular rule is generating a false positive on your site does not mean that you should remove the rule entirely. Remember, these rules were created for a reason. They are intended to block a known attack. By removing this rule completely, you might expose your website to the very attack that the rule was created for. This would be the dreaded False Negative.

ModSecurity rules are open source
Thankfully, since ModSecurity's rules are open source, this allows you the capability to see exactly what the rule is matching on and also allows you to create your own rules. With closed-source rules, you cannot verify what it is looking for, so you really have no other option but to remove the offending rule.

[Web Security Blog]
8:08:40 PM    
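The four steps in the quoted post (run in detection-only mode, review the audit log, scope an exception instead of deleting the rule, write a tighter custom rule) fit in one ModSecurity configuration fragment. This is an added example written here; it is not from the Web Security Blog post or the ModSecurity project. It assumes ModSecurity 2.6 or later (the ctl:ruleRemoveTargetById action did not exist in the 2007-era 2.1 releases), a Core Rules include path of /etc/modsecurity/crs/, and a hypothetical page /app/comment.php whose "body" parameter legitimately carries SQL-looking text; rule id 950901 stands in for whichever Core Rule fires on that traffic.

```apache
# Added example (not from the quoted post or the ModSecurity project).
# Assumes ModSecurity 2.6 or later with the Core Rules included from the
# path shown; rule id 950901 stands in for whichever Core Rule fires on
# the false positive, and /app/comment.php with its "body" parameter is a
# hypothetical page that legitimately carries SQL-looking text.

# Stage 1: detection only. Every match is written to the audit log but
# nothing is blocked, so the site keeps working while you review events.
SecRuleEngine DetectionOnly
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLog /var/log/apache2/modsec_audit.log

Include /etc/modsecurity/crs/*.conf

# Stage 2: scope the exception; do not delete the rule.
# "SecRuleRemoveById 950901" would disable that rule for the whole site
# (the false negative the post warns about). This phase-1 rule instead
# removes only ARGS:body from rule 950901's targets, and only for the one
# URL where the legitimate traffic occurs. Every other parameter and page
# is still inspected by the unchanged Core Rule.
SecRule REQUEST_URI "@beginsWith /app/comment.php" \
    "phase:1,id:1000001,t:none,nolog,pass,ctl:ruleRemoveTargetById=950901;ARGS:body"

# Stage 3: add a narrower custom rule for the excluded parameter so the
# attack the generic rule covered is still caught where it matters. The
# pattern is deliberately specific to the payloads seen in the audit log.
SecRule ARGS:body "@rx (?i:union\s+select|;\s*drop\s+table)" \
    "phase:2,id:1000002,t:none,t:urlDecodeUni,deny,status:403,log,msg:'SQLi in comment body after 950901 exclusion'"

# Stage 4: once the audit log is clean for replayed test traffic, switch
# the engine to blocking mode by changing the directive at the top to:
#   SecRuleEngine On
```

The exception rule runs in phase 1 on purpose: the Core Rules inspect request arguments in phase 2, and a ctl action only affects rules that have not run yet. Keep the exception and the replacement rule in your own file, loaded after the Core Rules include, so a rule-set upgrade does not overwrite them.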

It's not really a secret that AOL has been experimenting with OpenID. As I've said, I think that user-centric, interoperable identity is hugely important to enable the social experiences we're trying to provide. This is a work in progress, but things are coming along thanks to our authentication team's diligent effort. Here's where we are today:
  • Every AOL/AIM user now has at least one OpenID URI, http://openid.aol.com/<sn>.
  • This experimental OpenID 1.1 Provider service is available now and we are conducting compatibility tests.
  • We're working with OpenID relying parties to resolve compatibility issues.
  • Our blogging platform has enabled basic OpenID 1.1 in beta, so every beta blog URI is also a basic OpenID identifier. (No Yadis yet.)
  • We don't yet accept OpenID identities within our products as a relying party, but we're actively working on it. That roll-out is likely to be gradual.
  • We are tracking the OpenID 2.0 standardization effort and plan to support it after it becomes final.
Update: Thanks for all the responses; I've posted a followup over on dev.aol.com.
6:59:33 PM    

AOL Now Supports OpenID. Nurgled writes "On Sunday John Panzer announced that AOL now has experimental OpenID server support. This means that every AOL user now has an OpenID identifier. OpenID is a decentralized cross-site authentication system which has been growing in popularity over the last few months. AOL is the first large provider to offer OpenID services, and though they do not currently accept logins to their services with OpenID identifiers from elsewhere, they are apparently working on it. The next big challenge for OpenID proponents is teaching AOL's userbase how to make use of this new technology." [Slashdot]
6:56:54 PM    
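Both posts above turn on the same mechanism: an OpenID 1.1 relying party is handed an identifier URL (an AOL OpenID URI or a beta blog URI), fetches that page and reads the provider endpoint out of it. "Basic OpenID identifier, no Yadis yet" means the relying party has nothing but the HTML to go on. The discovery step below is an added example written here, not AOL's code and not from either post; the sample pages and hostnames are constructed for it and are not AOL's endpoints, and the HTTP fetch is left to the caller so it runs offline.

```python
"""HTML-based OpenID 1.1 discovery, as a relying party performs it.

Added example (not AOL's code, not from the posts above). Given an
identifier URL, an OpenID 1.1 relying party fetches that page and reads
two <link> tags from its <head>: rel="openid.server" (the provider
endpoint) and the optional rel="openid.delegate" (the identifier the
provider knows the user by). With no Yadis/XRDS document the HTML page
is the only source of truth, so only links in <head> may be trusted: a
link tag smuggled into <body> through a comment must not redirect the
login. Pages and hostnames below are constructed for the example.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _HeadLinkParser(HTMLParser):
    """Collect rel -> href for <link> tags, ignoring everything once <body> starts."""

    def __init__(self) -> None:
        super().__init__()
        self.links: dict[str, str] = {}
        self._in_body = False

    def handle_starttag(self, tag: str, attrs) -> None:
        if tag == "body":
            self._in_body = True
            return
        if self._in_body or tag != "link":
            return
        a = dict(attrs)
        rel, href = a.get("rel"), a.get("href")
        if not rel or not href:
            return
        # rel is a whitespace-separated token list; the first tag wins per token
        for token in rel.lower().split():
            self.links.setdefault(token, href)


def discover_openid_v1(claimed_id: str, page_html: str) -> dict:
    """Return {'claimed_id', 'server', 'delegate'}; raise ValueError otherwise.

    'delegate' falls back to the claimed identifier. Whatever it is, the RP
    sends it as openid.identity and must compare it with the signed
    openid.identity in the provider's response; without that check a page
    under someone else's control could point at the same provider and
    claim this identifier.
    """
    parser = _HeadLinkParser()
    parser.feed(page_html)
    server = parser.links.get("openid.server")
    if server is None:
        raise ValueError('no <link rel="openid.server"> in <head>: not an OpenID 1.1 identifier')
    if urlsplit(server).scheme not in ("http", "https"):
        raise ValueError("openid.server must be an absolute http(s) URL")
    return {
        "claimed_id": claimed_id,
        "server": server,
        "delegate": parser.links.get("openid.delegate", claimed_id),
    }


# Constructed sample: a beta-blog front page that delegates to a provider,
# plus a user comment in <body> that tries to smuggle in a rogue server link.
BLOG_PAGE = """<html><head>
<title>alice's beta blog</title>
<link rel="openid.server" href="https://provider.example/openid/">
<link rel="openid.delegate" href="https://provider.example/id/alice">
</head><body>
<p>comment from a stranger:</p>
<link rel="openid.server" href="https://evil.example/openid/">
</body></html>"""

# Constructed sample: a provider-hosted identifier page with no delegation.
PLAIN_PAGE = """<html><head>
<link rel="openid.server" href="https://provider.example/openid/">
</head><body></body></html>"""

if __name__ == "__main__":
    print(discover_openid_v1("https://alice-blog.example/", BLOG_PAGE))
    print(discover_openid_v1("https://provider.example/id/bob", PLAIN_PAGE))
```

The parser stops honouring link tags at the first <body> tag because that is where user-supplied content lives on a blog; the delegate value is returned rather than silently substituted so the caller can verify it against the signed assertion that comes back from the provider.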

For Your Eyes Only? NOW | PBS

This week, NOW reports on new evidence suggesting the existence of a secret government program that intercepts millions of private e-mails each day in the name of terrorist surveillance. News about the alleged program came to light when a former AT&T employee, Mark Klein, blew the whistle on what he believes to be a large-scale installation of secret Internet monitoring equipment deep inside AT&T's San Francisco office. The equipment, he contends, was created at the request of the U.S. government to spy on e-mail traffic across the entire Internet. Though the government and AT&T refuse to address the issue directly, Klein backs up his charges with internal company documents and personal photos.
2:53:13 PM    

NOW's Deborah Runcie speaks to journalist Ryan Singel, who covers civil liberty and privacy issues, about his investigative work involving AT&T and the government's alleged secret surveillance of personal electronic mail. Singel's coverage appeared in Wired News.
2:43:54 PM    


© Copyright 2007 Paul Hardwick.
Last update: 3/4/07; 10:39:43 AM.